<?php /* Start or resume the session before any markup is sent; the language selection further down reads $_SESSION['lang']. */ session_start();?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<?php
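// Pick the translation file for this page.
// The language code is read from the session and spliced into a file path, so
// it is only used when it is a plain token (letters, digits, '_' or '-') AND the
// resulting file exists. Anything else falls back to English, which keeps path
// separators and unexpected values away from require_once and avoids a fatal
// error when a translation file is missing.
$page_lang = 'en';
if(isset($_SESSION['lang']) && is_string($_SESSION['lang'])
    && preg_match('/\A[A-Za-z0-9_-]+\z/', $_SESSION['lang'])
    && is_file("./language_files/resetPassword2_" . $_SESSION['lang'] . ".php"))
{
    $page_lang = $_SESSION['lang'];
}
require_once "./language_files/resetPassword2_" . $page_lang . ".php";

// Shared helpers for the site (contents not visible in this file).
require_once "functions.php";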

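// NOTE(review): no database connection is opened in this file; the mysql_*
// calls below presumably rely on one set up by functions.php — confirm.
// NOTE(review): the ext/mysql API used here was removed in PHP 7; moving to
// PDO or mysqli prepared statements needs the connection code, which is not
// visible here.

// Process a submitted reset form. The one-time code arrives in the query
// string; the e-mail address and both password fields arrive in the POST body.
// On the first visit (link clicked, nothing posted yet) this block is skipped
// and only the form further down is rendered.
if(isset($_GET['code'], $_POST['email'], $_POST['newpassword'], $_POST['newpassword1'])
    && is_string($_GET['code']) && is_string($_POST['email'])
    && is_string($_POST['newpassword']) && is_string($_POST['newpassword1']))
{
    // Raw values are used for comparisons and for building links;
    // the escaped copy is used ONLY inside SQL string literals.
    $raw_code  = $_GET['code'];
    $raw_email = $_POST['email'];
    $get_email = mysql_real_escape_string($raw_email);

    // NOTE(review): this query names the table "Member" while the UPDATE below
    // uses "member"; table names can be case-sensitive depending on the server,
    // so confirm which spelling is correct.
    $res=mysql_query("SELECT * FROM Member Where email = '$get_email'");

    // mysql_query() returns false on failure; do not pass that to mysql_fetch_assoc().
    while($res !== false && ($row=mysql_fetch_assoc($res)))
    {
        $mydb_code=(string)$row['reset_password']; // reset code stored for this account
        $mydb_email=(string)$row['email'];         // e-mail as stored in the database

        // After a successful reset the column is set to '0', i.e. "no reset
        // pending". That sentinel (or an empty value) must never be accepted
        // as a valid code, so a reset is only possible while a real code is stored.
        $reset_pending = ($mydb_code !== '' && $mydb_code !== '0');

        // Strict, type-safe comparison: loose == treats numeric-looking strings
        // such as '0' and '0.0' as equal. Use the constant-time helper when the
        // running PHP version provides it.
        $code_matches = function_exists('hash_equals')
            ? hash_equals($mydb_code, $raw_code)
            : $mydb_code === $raw_code;

        if($reset_pending && $code_matches && $raw_email === $mydb_email)
        {
            // The escaped form is what the original hashed; kept so that new
            // hashes stay comparable with whatever the sign-in code computes.
            $newpass=mysql_real_escape_string($_POST['newpassword']);
            $newpass1=mysql_real_escape_string($_POST['newpassword1']);
            // NOTE(review): an empty password is still accepted here; there is
            // no message key for rejecting it visible in this file.

            if($newpass === $newpass1)
            {
                // NOTE(review): MD5 is unsalted and fast, which makes it unsuitable
                // for password storage. It is kept because the sign-in code (not
                // visible here) presumably compares against MD5; migrate both
                // sides together to password_hash()/password_verify().
                $enc_password=md5($newpass);

                // One statement stores the new password and clears the reset
                // code, so the code cannot stay valid after the password changed.
                mysql_query("Update member SET password = '$enc_password', reset_password = '0' where email = '$get_email'");

                // Success message with a link back to the sign-in page
                // (the href attribute was missing its closing quote).
                echo $lang['text_1'] . "<p><a href='SignIn.php'>" . $lang['text_2'] . "</a>";
            }
            else
            {
                // The two password fields differ: offer a link back to the form.
                // Request values are URL-encoded for the query string and then
                // HTML-escaped for the attribute; SQL escaping does neither.
                $retry_url = 'resetPassword2.php?code=' . urlencode($raw_code) . '&email=' . urlencode($raw_email);
                echo $lang['text_3'] . "<a href='" . htmlspecialchars($retry_url, ENT_QUOTES) . "'>" . $lang['text_4'] . "</a>";
            }

            // The request has been handled; do not process it again for
            // further rows that share the same e-mail address.
            break;
        }
    }
}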
?>

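<?php
// Values placed into the form come from the request, so each one is encoded
// for the context it lands in: URL-encoded inside the query string, then
// HTML-escaped (including quotes) inside the single-quoted attributes.
// mysql_real_escape_string() is SQL escaping and does not make a value safe
// for HTML, so it is not used for output here.
$form_code = (isset($_GET['code']) && is_string($_GET['code'])) ? $_GET['code'] : '';

// The e-mail is in the query string when the reset link is opened and in the
// POST body after the form has been submitted; carry it forward either way.
$form_email = '';
if(isset($_GET['email']) && is_string($_GET['email']))
    $form_email = $_GET['email'];
elseif(isset($_POST['email']) && is_string($_POST['email']))
    $form_email = $_POST['email'];
?>
<form action='resetPassword2.php?code=<?php echo htmlspecialchars(urlencode($form_code), ENT_QUOTES);?>' method='POST'>
    <?php echo $lang['pass'];?><br><input type='password' name='newpassword'/><br>
    <?php echo $lang['confirm'];?><br><input type='password' name='newpassword1'/><p>
        <input type='hidden' name='email' value='<?php echo htmlspecialchars($form_email, ENT_QUOTES);?>'/>
        <input type='submit' value='<?php echo $lang['update'];?>'/></p>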



